CVE-2025-20196 — MEDIUM (5.3)

Q: How severe is CVE-2025-20196?

CVE-2025-20196 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-20196?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Cgr1000 Firmware, Cisco Cgr1000, Cisco Ir510 Wpan Firmware, Cisco Ir510 Wpan.

Vulnerability Description

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the Cisco IOx application hosting environment to stop responding. The IOx process will need to be manually restarted to recover services.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Ios Xe	16.1.1
Cisco	Cgr1000 Firmware	< 15.9\(3\)m12
Cisco	Cgr1000	-
Cisco	Ir510 Wpan Firmware	-
Cisco	Ir510 Wpan	-
Cisco	Ic3000 Industrial Compute Gateway Firmware	< 1.5.2
Cisco	Ic3000 Industrial Compute Gateway	-
Cisco	807 Industrial Integrated Services Router Firmware	< 15.9\(3\)m11
Cisco	807 Industrial Integrated Services Router	-
Cisco	809 Industrial Integrated Services Router Firmware	< 15.9\(3\)m11
Cisco	809 Industrial Integrated Services Router	-
Cisco	829 Industrial Integrated Services Router Firmware	< 15.9\(3\)m11
Cisco	829 Industrial Integrated Services Router	-
Cisco	Catalyst 9100	-
Cisco	Catalyst 9105	-
Cisco	Catalyst 9105Ax	-
Cisco	Catalyst 9105Axi	-
Cisco	Catalyst 9105Axw	-
Cisco	Catalyst 9105I	-
Cisco	Catalyst 9105W	-

Related Weaknesses (CWE)

CWE-307

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory

FAQ

What is CVE-2025-20196?

CVE-2025-20196 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application host...

How severe is CVE-2025-20196?

CVE-2025-20196 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-20196?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Cgr1000 Firmware, Cisco Cgr1000, Cisco Ir510 Wpan Firmware, Cisco Ir510 Wpan.